Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

PBR Bug - Cannot delete it

Hello all,

 

I am having an issue with a Security Gateway (R80.10, build number 1) to delete a Policy Rule. I have tried to delete is from GUI and CLI but it is still listed in Expert Mode:

 

[Expert@GW1:0]# ip rule list
19: from 192.168.50.0/29 lookup 9 hit 90788   <---- 

Weirdest thing is that if I add a new Policy Rule with ID 19, the old one Policy Rule which should be deleted still appear there:

 

[Expert@GW1:0]# ip rule list
19: from 192.168.50.0/29 lookup 9 hit 90788
19: from 192.168.80.0/25 lookup 9

Can you please tell me if there is a way to delete this Policy Rule from the Expert mode directly (this Policy Rule is aleready deleted from GUI/CLI)?.  Thank you very much.

 

Best Regards.

 

0 Kudos
5 Replies
Highlighted
Admin
Admin

Re: PBR Bug - Cannot delete it

If the clish command isn't properly removing the route, it's likely a bug and you should probably open a TAC case.
0 Kudos
Highlighted

Re: PBR Bug - Cannot delete it

Hi guys,

Just to chime in, ran into this issue today. Tried deleting the PBR rules, then cpstop;cpstart, and ip rule list still showed the wrong rules. A little bit expected, as restarting the cp daemons shouldn't affect the inner working of the system in this case.

Was tempted to remove it manually via the ip command, but since that's generally not advisable and as this had a maintenance window, I rebooted the node and everything is fine now.

This was under R80.20 take 141

0 Kudos
Highlighted
Employee
Employee

Re: PBR Bug - Cannot delete it

There are multiple parts to the problem. Leaving PBR rule in the kernel happens whenever user tried to delete it and it is deleted from the configuration database as well as from routed.conf  but  the back-end process 'routed' didn’t get a chance to delete it from the kernel. Mostly routed is crashed or something went wrong with the routed.conf file.

Once the system is in the weird state, here is the suggested approach:

  1.        Check the config system with ‘dbget  –arv  routed:instance:default:pbrrules”, if it doesn’t exists then
  2.        Check with “ip rule list”, if it exists only way to remove is using ‘ip   rule delete’ command or 
  3.        Reboot the system to reset the PBR rules in the kernel.

 

We need to find out the root cause of routed crash and this is only a side effect.  This can happen with any other feature also.

Since you are able to add PBR rule later, mostly something to do with some other configuration that you have done along with PBR configuration.

If the problem still persists, you can upgrade to new JHF or release. You can also open a ticket with TAC for further help.

-Raghu

0 Kudos
Highlighted

Re: PBR Bug - Cannot delete it

Hi,

I actually viewed the state of routed, via the cpwd_admin list and show cluster-state and it seemed that everything was fine. Additionally, there were no core dumps under the /var/log/dumps

0 Kudos
Highlighted
Employee
Employee

Re: PBR Bug - Cannot delete it

In some scenarios, routed just restarts without dumping core. You will get to know from syslog messages. You can see the process id also changes. You can open a ticket with TAC, still if you need help with it.

0 Kudos